Proposal: consumer sends special openid.server discovery header
mart at degeneration.co.uk
Fri May 20 09:35:50 PDT 2005
Brad Fitzpatrick wrote:
> On Fri, 20 May 2005, Martin Atkins wrote:
>>>1) New URL argument:
>>>2) New HTTP header:
>>I don't really like either of those options, but I'd pick 1) if I had to
>>choose, for the reasons you state. People would forget to use the
>>no-cache directive, and in most cases it'll be fine but then there'll be
>>some weird case where for some reason a consumer (or a non-browser
>>client, more likely) makes a request through a shared proxy and it'll
>>screw everything up.
> What about User-Agent including "openid.discover" somewhere in it?
That suffers the same issue as the non-standard header. Proxies don't
(by default) distinguish between User-Agent values. Including User-Agent
in "Vary" is dubious, too, as it's really intended for the Accept-*
family of headers.
More information about the yadis